Re: [fw-wiz] tunnel vs open a hole

From: Frank Knobbe
Date: 04/08/03

    From: Frank Knobbe <>
    To: Dave Piscitello <>
    Date: 08 Apr 2003 15:34:15 -0500

    On Tue, 2003-04-08 at 12:16, Dave Piscitello wrote:
    > [...]
    > No one discussed the benefits of using an encrypted, authenticated
    > tunnel (SSL, SSH, ...), which do provide additional controls.
    > [...]

    At the same time, some tunnels have certain drawbacks. Depending on what
    tunnel you use, you may not know the sender's IP address. For example, if
    you use SSH to forward ports, you don't get the source's IP address (it
    depends how you forward, most of the time the request would be coming
    from I'm not sure about ZBD but I believe it works the same
    way. You would have to check the SSH/ZBD/yourtunnel logs, but that only
    shows you a general connection or the tunnel endpoint, not related or
    associable to the real request (e.g. tcp port or sequence numbers),
    or to the host behind the endpoint.

    That 'hiding' behind tunnel endpoints can't be a benefit :)



    firewall-wizards mailing list
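
The effect described in the message above, as an added example that is not part of the original post: a loopback TCP forwarder stands in for the tunnel endpoint, and the backend records the only peer address it can observe. The function names, the echo service and the mapping list are hypothetical; the mapping shows the record a tunnel endpoint would have to keep for a backend log entry to be tied to the real client, which the post says the tunnel logs do not give you.

```python
import socket
import threading

def backend(srv, seen):
    # Service behind the tunnel: records the peer address it can observe.
    conn, peer = srv.accept()
    with conn:
        seen.append(peer)
        conn.sendall(conn.recv(64))          # echo one small message

def forwarder(lsn, backend_addr, mapping):
    # Tunnel endpoint stand-in: terminates the client's connection and
    # opens a new one to the backend from its own address and port.
    conn, client = lsn.accept()
    with conn, socket.create_connection(backend_addr) as out:
        # Only here are both sides known: real client <-> outbound socket.
        mapping.append((client, out.getsockname()))
        out.sendall(conn.recv(64))
        conn.sendall(out.recv(64))

def run_demo():
    srv = socket.create_server(("127.0.0.1", 0))   # backend listener
    lsn = socket.create_server(("127.0.0.1", 0))   # forwarder listener
    seen, mapping = [], []
    workers = [
        threading.Thread(target=backend, args=(srv, seen), daemon=True),
        threading.Thread(target=forwarder, daemon=True,
                         args=(lsn, srv.getsockname(), mapping)),
    ]
    for w in workers:
        w.start()
    with socket.create_connection(lsn.getsockname()) as c:
        client_addr = c.getsockname()            # the "real" request socket
        c.sendall(b"ping")
        reply = c.recv(64)
    for w in workers:
        w.join()
    srv.close()
    lsn.close()
    return client_addr, seen[0], mapping[0], reply

if __name__ == "__main__":
    client_addr, backend_saw, (logged_client, logged_out), _ = run_demo()
    print("real client socket :", client_addr)
    print("backend saw peer   :", backend_saw)
    print("forwarder mapping  :", logged_client, "->", logged_out)
```

The backend's view matches the forwarder's outbound socket, never the client's, so a backend log line can be attributed to the client only by joining it against the forwarder's mapping on address and port.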
